INFORMATION SECURITY IN THE CLOUD

Organizations have taken seriously the issue of using the cloud as a technological infrastructure for managing their information, however, this decision leads to taking into account the need to mitigate threats that affect the normal operation of our infrastructure on the network. , Currently this point has been evaluated by different specialists in Cloud Computing, the Cloud Security Alliance (CSA), I identify some threats that organizations face in 2016, when protecting their information in the cloud, generating in turn a report with The purpose of helping customers and service providers to focus their defensive efforts against such threats.

These efforts are focused on eliminating security gaps in the data hosted on servers, raising the level of authentication, minimizing the use of APIs and Interfaces that compromise the security of services, performing verification tasks to reduce vulnerabilities in systems, implementing Validation controls to avoid potential account hijackings, limit the abuse of cloud services, among other efforts that minimize our information.

In this same vein, currently providers that provide cloud services, say in their different modalities (software as a service, platform as a service and infrastructure as a service) and in their deployment models (private, public, hybrid, and community). ), have been increasing security levels in data centers, taking as a starting point, the mitigation of threats that put their customers' information at risk.

On the other hand, the responsibility for the security of information in the cloud must be given to both the customer and the service provider, the latter must ensure that the infrastructure offered is secure and that the information of its customers will be safe, Likewise, users, for their part, must take measures to strengthen their applications and use strong passwords and authentication measures, which prevent back doors that are exploited by malicious hackers.

In this sense, cloud service providers must guarantee security through continuous checks in their data centers. Additionally, data centers must be frequently monitored against suspicious activity as this guarantees having early alerts that facilitate the application of timely contingency measures, likewise, providers must provide the correct isolation of their customers' data and define a logical segregation of storage, it is understood that there must be backup policies, with a respective monitoring and control process.